General

Target: 2a41b8df5b88e7e57ad356486e45ae11_JaffaCakes118
Size: 2.9MB
Sample: 241009-eckk9awgpb
MD5: 2a41b8df5b88e7e57ad356486e45ae11
SHA1: 79c84e0684aefc93c039b7405dbcb3650bc1c0ce
SHA256: a3528d1769254239abf14c2a3271ba710a91d23cadfbce619fba6d99495ede91
SHA512: 2b96ea703dea11564816d3067872c7c5ac7c8d692d0b2931e446ab3d2716a48ea90dce65865abc76252bb4ba827b68061ef270b5f4443e7313a74b20d824989f
SSDEEP: 49152:lnqLvvJ9Fod/OpY1Jf+YvoVkXrYErnuKlAhUpd01RMEEWIjf5EfdNQmvLc1UGn:ZqjTyop1CrYsuKlAhUpCMEEFjf5YLzjC
Static task
static1

Behavioral tasks (sample, resource)
behavioral1: 2a41b8df5b88e7e57ad356486e45ae11_JaffaCakes118.exe, win7-20240903-en
behavioral2: 2a41b8df5b88e7e57ad356486e45ae11_JaffaCakes118.exe, win10v2004-20241007-en
behavioral3: $PLUGINSDIR/System.dll, win7-20240903-en
behavioral4: $PLUGINSDIR/System.dll, win10v2004-20241007-en
behavioral5: $PLUGINSDIR/nsDialogs.dll, win7-20240704-en
behavioral6: $PLUGINSDIR/nsDialogs.dll, win10v2004-20241007-en
behavioral7: $R0.dll, win7-20240903-en
behavioral8: $R0.dll, win10v2004-20241007-en
Malware Config

Targets

Target: 2a41b8df5b88e7e57ad356486e45ae11_JaffaCakes118
Score: 7/10
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
Target: $PLUGINSDIR/System.dll
Size: 11KB
MD5: b0c77267f13b2f87c084fd86ef51ccfc
SHA1: f7543f9e9b4f04386dfbf33c38cbed1bf205afb3
SHA256: a0cac4cf4852895619bc7743ebeb89f9e4927ccdb9e66b1bcd92a4136d0f9c77
SHA512: f2b57a2eea00f52a3c7080f4b5f2bb85a7a9b9f16d12da8f8ff673824556c62a0f742b72be0fd82a2612a4b6dbd7e0fdc27065212da703c2f7e28d199696f66e
SSDEEP: 192:4PtkiQJr7jHYT87RfwXQ6YSYtOuVDi7IsFW14Ll8CO:H78TQIgGCDp14LGC
Score: 3/10
Target: $PLUGINSDIR/nsDialogs.dll
Size: 9KB
MD5: eac1c3707970fe7c71b2d760c34763fa
SHA1: f275e659ad7798994361f6ccb1481050aba30ff8
SHA256: 062c75ad650548750564ffd7aef8cd553773b5c26cae7f25a5749b13165194e3
SHA512: 3415bd555cf47407c0ae62be0dbcba7173d2b33a371bf083ce908fc901811adb888b7787d11eb9d99a1a739cbd9d1c66e565db6cd678bdadaf753fbda14ffd09
SSDEEP: 96:oXHqZ4zC5RH3cXX1LlYlRowycxM2DjDf3GEst+Nt+jvDYx4AqndYHnxss:oXHq+CP3uKrpyREs06YxcdGn
Score: 3/10
Target: $R0
Size: 33KB
MD5: ace9f19e19a07de0fe7e0f1e858a523c
SHA1: 898c63c2f9c32d1148f8618a6f9dee89984a8f9d
SHA256: 7e79de7c3ef68b615e86a732597a8022de71a14d81be4b4978db39a67cfc3d57
SHA512: a2e32fe5c3652824572f8f1a9a7b145e1c17cb6fbffa52903cffa548f450df89d996b933f95726bb514dfaa16c7d9b2ffa1caedf6ccbf6f1a577b48b0b052ebb
SSDEEP: 384:DpbEzt/FPOksY2vb/qDl2uzCnpkDBnAeZv7/HkrWZ75fSvO3PHl/QgIZM46aeHb:DpAztlObS8rnpkCwz/AmAO3PxzC59eH
Score: 7/10
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.